E9-4703. Confidentiality of Suspicious Activity Reports  

  • Start Preamble Start Printed Page 10130

    AGENCY:

    The Office of the Comptroller of the Currency, Treasury (OCC).

    ACTION:

    Notice of proposed rulemaking.

    SUMMARY:

    The OCC is proposing to amend its regulations implementing the Bank Secrecy Act (BSA) governing the confidentiality of a suspicious activity report (SAR) to: Clarify the scope of the statutory prohibition on the disclosure by a financial institution of a report of a suspicious transaction, as it applies to national banks; address the statutory prohibition on the disclosure by the government of a SAR, as that prohibition applies to the OCC's standards governing the disclosure of SARs; clarify the exclusive standard applicable to the disclosure of a SAR, or any information that would reveal the existence of a SAR, by the OCC is “to fulfill official duties consistent with the purposes of the BSA;” and modify the safe harbor provision in its rules to include changes made by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act. These amendments are based upon a similar proposal being contemporaneously issued by the Financial Crimes Enforcement Network (FinCEN).

    DATES:

    Comments must be received by June 8, 2009.

    ADDRESSES:

    Because paper mail in the Washington, DC area and received by the OCC is subject to delay, commenters are encouraged to submit comments by the Federal eRulemaking Portal or e-mail, if possible. Please use the title “Confidentiality of Suspicious Activity Reports” to facilitate the organization and distribution of the comments. You may submit comments by any of the following methods:

    Federal eRulemaking Portal—“Regulations.gov”: Go to http://www.regulations.gov,, under the “More Search Options” tab click next to the “Advanced Docket Search” option where indicated, select “Comptroller of the Currency” from the agency drop-down menu, then click “Submit.” In the “Docket ID” column, select “OCC-2009-0004” to submit or view public comments and to view supporting and related materials for this notice of proposed rulemaking. The “How to Use This Site” link on the Regulations.gov home page provides information on using Regulations.gov, including instructions for submitting or viewing public comments, viewing other supporting and related materials, and viewing the docket after the close of the comment period.

    • E-mail: regs.comments@occ.treas.gov.
    • Mail: Office of the Comptroller of the Currency, 250 E Street, SW., Mail Stop 2-3, Washington, DC 20219.
    • Fax: (202) 874-5274.
    • Hand Delivery/Courier: 250 E Street, SW., Mail Stop 2-3, Washington, DC 20219.

    Instructions: You must include “OCC” as the agency name and “Docket Number OCC-2009-0004” in your comment. In general, OCC will enter all comments received into the docket and publish them on the Regulations.gov Web site without change, including any business or personal information that you provide such as name and address information, e-mail addresses, or phone numbers. Comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not enclose any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure.

    You may review comments and other related materials that pertain to this notice of proposed rulemaking by any of the following methods:

    • Viewing Comments Electronically: Go to http://www.regulations.gov,, under the “More Search Options” tab click next to the “Advanced Document Search” option where indicated, select “Comptroller of the Currency” from the agency drop-down menu, then, click “Submit.” In the “Docket ID” column, select “OCC-2009-0004” to view public comments for this rulemaking action.
    • Viewing Comments Personally: You may personally inspect and photocopy comments at the OCC, 250 E Street, SW., Washington, DC. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 874-4700. Upon arrival, visitors will be required to present valid government-issued photo identification and submit to security screening in order to inspect and photocopy comments.
    • Docket: You may also view or request available background documents and project summaries using the methods described above.
    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    James Vivenzio, Senior Counsel for BSA/AML, (202) 874-5200; Ellen Warwick, Assistant Director, Litigation, (202) 874-5280; or Patrick Tierney, Senior Attorney, Legislative and Regulatory Activities, (202) 874-5090; Office of the Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    I. Background

    The BSA requires financial institutions, including national banks regulated by the OCC, to keep certain records and make certain reports that have been determined to be useful in criminal, tax, or regulatory investigations or proceedings, and for intelligence or counter intelligence activities to protect against international terrorism. In particular, the BSA and its implementing regulations require a financial institution to file a SAR when it detects a known or suspected violation of Federal law or a suspicious activity related to money laundering, terrorist financing, or other criminal activity.[1]

    SARs are used for law enforcement or regulatory purposes to combat terrorism, terrorist financing, money laundering and other financial crimes. For this reason, the BSA provides that a financial institution, and its officers, directors, employees, and agents are prohibited from notifying any person involved in a suspicious transaction that the transaction was reported.[2] To encourage the voluntary reporting of possible violations of law and regulation, and the filing of SARs, the BSA also contains a safe harbor provision which shields financial institutions making such reports from civil liability.

    FinCEN has issued rules implementing the SAR confidentiality provisions for various types of financial institutions that closely mirror the statutory language.[3] In addition, the Start Printed Page 10131Federal bank regulatory agencies implemented these provisions through similar regulations that provide SARs are confidential and generally no information about or contained in a SAR may be disclosed.[4] The regulations issued by FinCEN and the Federal bank regulatory agencies also describe the applicability of the safe harbor provision to both voluntary reports of possible and known violations of law and the required filing of SARs.[5]

    The USA PATRIOT Act of 2001 strengthened the confidentiality of SARs by adding to the BSA a new provision that prohibits officers or employees of the Federal government or any State, local, tribal, or territorial government within the United States with knowledge of a SAR, from disclosing to any person involved in a suspicious transaction that the transaction was reported, other than as necessary to fulfill the official duties of such officer or employee.[6] The USA PATRIOT Act also clarified that the safe harbor shielding financial institutions from liability covers voluntary disclosures of possible violations of law and regulations to a government agency and expanded the scope of the limit on liability to cover any civil liability which may exist “under any contract or other legally enforceable agreement (including any arbitration agreement).” [7]

    FinCEN [8] is proposing to modify its SAR rules to interpret or further interpret the provisions of the BSA that relate to the confidentiality of SARs and the safe harbor for such reporting. The OCC is proposing to amend its rules contemporaneously, based upon the proposal being issued by FinCEN, to clarify the manner in which these provisions apply to national banks and to the OCC's own standards governing the disclosure of a SAR and any information that would reveal the existence of a SAR (referred to in this preamble as “SAR information”).

    II. Overview of Proposal

    The proposed amendments to the OCC's rules include key changes that would (1) clarify the scope of the statutory prohibition on the disclosure by a financial institution of a SAR, as it applies to national banks; (2) address the statutory prohibition on the disclosure by the government of a SAR, which was added to the BSA by section 351(b) of the USA PATRIOT Act of 2001, as that prohibition applies to the OCC's standards governing the disclosure of SAR information; and (3) clarify that the exclusive standard applicable to the disclosure of SAR information by the OCC is “to fulfill official duties consistent with the purposes of the BSA,” in order to ensure that SAR information is protected from inappropriate disclosures unrelated to the BSA purposes for which SARs are filed. In addition, the proposed amendments would modify the safe harbor provision in the OCC's SAR rules [9] to include changes made by the USA PATRIOT Act.

    Furthermore, as described in section III of this SUPPLEMENTARY INFORMATION, FinCEN is simultaneously issuing for notice and comment proposed guidance regarding the sharing of SARs with affiliates. That proposed guidance interprets a provision of the proposed rulemaking, and, accordingly, should be read in conjunction with this notice.

    In a separate rulemaking, the OCC also is simultaneously proposing to amend its information disclosure regulation set forth in 12 CFR part 4, subpart C, to clarify that the exclusive standard governing the release of SAR information is set forth in 12 CFR 21.11.[10] The OCC is issuing this proposed amendment to 12 CFR part 4, subpart C, at the same time, to make clear that the OCC will disclose SAR information only when necessary to satisfy the BSA purposes for which SARs are filed.

    III. Section-by-Section Description of the Proposal

    Section 21.11(b): Definition of a SAR

    The primary purpose of the OCC's SAR rule is to ensure that a national bank files a SAR when it detects a known or suspected violation of a Federal law or a suspicious transaction related to a money laundering activity or a violation of the BSA. See 12 CFR 21.11(a). Incidental to this purpose, the OCC's SAR rule includes a section that addresses the confidentiality of SARs.

    Under the current SAR rule, the term “SAR” means “a Suspicious Activity Report on the form prescribed by the OCC.” The proposed rule simply defines a “SAR” generically as “a Suspicious Activity Report.” This change would extend the confidentiality provisions of the OCC's SAR rule to all SARs, including those filed on forms prescribed by FinCEN.[11] As a consequence, a national bank that obtained a SAR, for example, from a non-bank affiliate pursuant to the provisions of this proposed rule, would be required to safeguard the confidentiality of the SAR, even if the SAR had not been filed on a form prescribed by the OCC.

    Section 21.11(c): SARs Required

    To clarify that a national bank must file a SAR on a form “prescribed by the OCC,” the OCC is proposing to add this phrase to the introductory language of the section of the OCC's SAR rule that describes the procedures for the filing of a SAR. Accordingly, the proposed rules require a national bank to file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury on the form prescribed by the OCC in accordance with the form's instructions, by sending a completed SAR to FinCEN in particular circumstances.[12]

    Section 21.11(k): Confidentiality of SARs

    The OCC is proposing to amend its rules regarding SAR confidentiality [13] by modifying the introductory sentence, and dividing the remainder of the current provision into two sections. The first section would describe the prohibition on disclosure of SAR information by national banks, and the rules of construction applicable to this prohibition. The second section would describe the prohibition on the OCC's disclosure of SAR information.

    Currently, the OCC's rules prohibiting the disclosure of SARs begins with the statement that SARs are confidential. Over the years, the OCC has received numerous questions regarding the scope of the prohibition on the disclosure of a SAR in its current rules. Accordingly, the OCC is proposing to clarify the scope of SAR confidentiality by more clearly describing the information that is subject to the prohibition. Like FinCEN, the OCC believes that all of the reasons for maintaining the confidentiality of SARs are equally applicable to any information that would reveal the existence of a SAR.

    The OCC, like FinCEN recognizes that in order to protect the confidentiality of Start Printed Page 10132a SAR, any information that would reveal the existence of a SAR (such as the draft of a SAR that has been filed) must be afforded the same protection from disclosure. The confidentiality of SARs must be maintained for a number of compelling reasons. For example, the disclosure of a SAR could result in notification to persons involved in the transaction that is being reported, and compromise any investigations being conducted in connection with the SAR. In addition, the OCC believes that even the occasional disclosure of a SAR could chill the willingness of a national bank to file SARs, and to provide the degree of detail and completeness in describing suspicious activity in SARs that will be of use to law enforcement. If banks believe that a SAR can be used for purposes unrelated to the law enforcement and regulatory purposes of the BSA, the disclosure of such information could adversely affect the timely, appropriate, and candid reporting of suspicious transactions. Banks also may be reluctant to report suspicious transactions, or may delay making such reports, for fear that the disclosure of a SAR will interfere with the bank's relationship with its customer. Further, a SAR may provide insight into how a bank uncovers potential criminal conduct that can be used by others to circumvent detection. The disclosure of a SAR also could compromise personally identifiable information or commercially sensitive information, or damage the reputation of individuals or companies that may be named. Finally, the disclosure of a SAR for uses unrelated to the law enforcement and regulatory purposes for which SARs are intended increases the risk that bank employees or others who are involved in the preparation or filing of a SAR could become targets for retaliation by persons whose criminal conduct has been reported.

    These reasons for maintaining the confidentiality of SARs also apply to any information that would reveal the existence of a SAR. Therefore, like FinCEN, the OCC is proposing to modify the general introduction in its rules to state that confidential treatment must also be afforded to “any information that would reveal the existence of a SAR.” The introduction also would indicate that SAR information may not be disclosed, except as authorized in the narrow circumstances that follow.

    Section 21.11(k)(i): Prohibition on Disclosure by National Banks

    The OCC's current rules provide that any national bank or person subpoenaed or otherwise requested to disclose a SAR or the information contained in a SAR must (1) decline to produce the SAR or to provide any information that would disclose that a SAR has been prepared or filed, and (2) notify the OCC.

    The proposed rules more specifically address the prohibition on the disclosure of a SAR by a national bank. The rules provide that the prohibition includes “any information that would reveal the existence of a SAR” instead of using the phrase “any information that would disclose that a SAR has been prepared or filed.” The OCC, like FinCEN, believes that this phrase more clearly describes the type of information that is covered by the prohibition on the disclosure of a SAR. In addition, the proposed rules incorporate the specific reference in 31 U.S.C. 5318(g)(2)(A)(i) to a “director, officer, employees or agent,” in order to clarify that the prohibition on disclosure extends to those individuals in a national bank who may have access to SAR information.

    Although 31 U.S.C. 5318(g)(2)(A)(i) provides that a person involved in the transaction may not be notified that the transaction has been reported, the proposed rules continue to reflect case law that has consistently concluded, in accordance with applicable regulations, that financial institutions are broadly prohibited from disclosing SAR information to any person. Accordingly, these cases have held that, in the context of discovery in connection with civil lawsuits, financial institutions are prohibited from disclosing SAR information because section 5318(g) and its implementing regulations have created an unqualified discovery and evidentiary privilege for such information that cannot be waived by financial institutions.[14] Consistent with case law and current regulation, the texts of the proposed rules do not limit the prohibition on disclosure only to the person involved in the transaction. Permitting disclosure to any outside party may make it likely that SAR information would be disclosed to a person involved in the transaction, which is absolutely prohibited by the statute.

    The proposed rules continue to provide that any national bank, or any director, officer, employee or agent of a national bank, subpoenaed or otherwise requested to disclose SAR information must decline to provide the information, citing this section of the rules and 31 U.S.C. 5318(g)(2)(A)(i), and must give notice of the request to the OCC. In addition, the proposed rules require the bank to notify the OCC of its response to the request, and require the bank to provide the same information to FinCEN. This new notification requirement was added to the proposed rules so that either or both agencies can intervene to prevent the disclosure of SAR information by a bank, if necessary.

    Section 21.11(k)(1)(ii): Rules of Construction

    The OCC, like FinCEN, is proposing rules of construction to address issues that have arisen over the years about the scope of the SAR disclosure prohibition, and to implement statutory modifications to the BSA made by the USA PATRIOT Act. The proposed rules of construction primarily describe situations that are not covered by the prohibition on bank disclosure of SAR information. The introduction to these rules makes clear that the rules of construction are each qualified by the statutory mandate that no person involved in any reported suspicious transaction can be notified that the transaction has been reported.

    The first proposed rule of construction builds on existing language to clarify that a national bank, or any director, officer, employee or agent of a national bank may disclose SAR information to FinCEN or any Federal, state, or local law enforcement agency; or any Federal or state regulatory agency that examines the financial institution for compliance with the BSA. Although the permissibility of such disclosures may be readily apparent, the proposal contains this statement to clarify that a national bank cannot use the prohibition on bank disclosure of SAR information to withhold this information from governmental authorities that are otherwise entitled by law to receive SARs and to examine for and investigate suspicious activity.

    The second proposed rule of construction provides that SAR information does not include the underlying facts, transactions, and documents upon which a SAR is based. This statement reflects case law which has recognized that, while a financial institution is prohibited from producing documents in discovery that evidence the existence of a SAR, factual documents created in the ordinary course of business (for example, business records and account information, upon which a SAR is based), may be discoverable in civil litigation under the Federal Rules of Civil Procedure.[15]

    Start Printed Page 10133

    This proposed rule of construction includes some examples of situations where a national bank may disclose the underlying facts, transactions, and documents upon which a SAR is based. The first example clarifies that a bank may disclose this information [16] to another financial institution, or any director, officer, employee or agent of the financial institution, for the preparation of a joint SAR.[17] The second example simply codifies a rule of construction added to the BSA by section 351 of the USA PATRIOT Act which provides that such underlying information may be disclosed in certain written employment references and termination notices.[18]

    The third proposed rule of construction makes clear that the prohibition on the disclosure of SAR information by a national bank does not include the sharing by a national bank, or any director, officer, employee or agent of a bank, of SAR information within the bank's corporate organizational structure, for purposes consistent with Title II of the BSA, as determined by regulation or in guidance issued by the OCC or FinCEN. This proposed rule recognizes that a national bank may find it necessary to share SAR information to fulfill its reporting obligations under the BSA, and to facilitate more effective enterprise-wide BSA monitoring and reporting, consistent with Title II of the BSA. The term “share” used in this rule of construction is an acknowledgement that sharing within a corporate organization for purposes consistent with Title II of the BSA, as determined by regulation or guidance issued by the OCC or FinCEN, is distinguishable from a prohibited disclosure.

    FinCEN and the Federal bank regulatory agencies have already issued joint guidance making clear that the U.S. branch or agency of a foreign bank may share a SAR with its head office, and that a U.S. bank or savings association may share a SAR with its controlling company (whether domestic or foreign). This guidance stated that the sharing of a SAR with a head office or controlling company both facilitates compliance with the applicable requirements of the BSA and enables the head office or controlling company to discharge its oversight responsibilities with respect to enterprise-wide risk management and compliance with applicable laws and regulations.[19]

    Elsewhere in this issue of the Federal Register, FinCEN is issuing additional guidance for notice and comment that further elaborates on sharing of SAR information within a corporate organization that FinCEN considers to be “consistent with the purposes of the BSA.” The proposed guidance would generally permit sharing of SAR information by depository institutions with their affiliates [20] that are subject to a SAR rule.[21]

    Section 21.11(k)(2): Prohibition on Disclosure by the OCC

    As previously noted, section 351 of the USA PATRIOT Act, 31 U.S.C. 5318(g)(2)(A)(ii), amended the BSA, and added a new provision prohibiting officers and employees of the government from disclosing a SAR to any person involved in the transaction that the transaction has been reported, except “as necessary to fulfill the official duties of such officer or employee.” The OCC is proposing rules to address this new section that are comparable to those being proposed by FinCEN. The proposed rules provide that the OCC will not, and no officer, employee or agent of the OCC, shall disclose SAR information, “except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act.”

    As stated in section 5318(g)(2)(A)(i), which prohibits a financial institution's disclosure of a SAR, section 5318(g)(2)(A)(ii) also prohibits the government from disclosing a SAR to “any person involved in the transaction.” The OCC, like FinCEN, is proposing to address sections 5318(g)(2)(A)(i) and (A)(ii) in a consistent manner, because disclosure by a governmental authority of SAR information to any outside party may make it likely that the information will be disclosed to a person involved in the transaction. The OCC believes that the purpose of section 5318(g)(2)(A)(ii) could be undermined unless the OCC's rules generally address the disclosure of SAR information by the OCC and its officers, employees and agents, not simply in the context of disclosure to “any person involved in the transaction.” Accordingly, the proposed rules would generally bar disclosures of SAR information by OCC officers, employees, or agents.

    However, section 5318(g)(2)(A)(ii) also narrowly permits governmental disclosures as necessary to “fulfill official duties,” a phrase that is not defined in the BSA. Consistent with the rules being proposed by FinCEN, the OCC is proposing to construe this phrase in the context of the BSA, in light of the purpose for which SARs are filed. Accordingly, the proposed rules interpret “official duties” to mean “official duties consistent with the purposes of Title II of the BSA,” namely, for “criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.” [22] When disclosure is necessary to fulfill official duties, the OCC will make a determination, through its internal processes, that a SAR may be disclosed to fulfill official duties consistent with the BSA. This standard would permit, for example, disclosures responsive to a grand jury subpoena; a request from an appropriate Federal or State law enforcement or regulatory agency; a request from an appropriate Congressional committee or subcommittee; and prosecutorial disclosures mandated by statute or the Constitution, in connection with the statement of a government witness to be called at trial, the impeachment of a government witness, or as material exculpatory of a criminal defendant.[23] This proposed interpretation of section 5318(g)(2)(A)(ii) would ensure that SAR information will not be disclosed for a reason that is unrelated to the purposes Start Printed Page 10134of the BSA. For example, this standard would not permit disclosure of SAR information to the media.

    The proposed rules also specifically provide that “official duties” shall not include the disclosure of SAR information in response to a request for use in a private legal proceeding or in response to a request for disclosure of non-public information under 12 CFR 4.33. This statement, which corresponds to a similar provision in FinCEN's proposed rules, clearly establishes that the OCC will not disclose SAR information to a private litigant for use in a private legal proceeding, or pursuant to 12 CFR 4.33, because such a request cannot be consistent with any of the purposes enumerated in Title II of the BSA. The BSA exists, in part, to protect the public's interest in an effective reporting system that benefits the nation by helping to ensure that the U.S. financial system will not be used for criminal activity or to support terrorism. The OCC, like FinCEN, believes that this purpose would be undermined by the disclosure of SAR information to a private litigant for use in a civil lawsuit for the reasons described earlier, including, that such disclosures will chill full and candid reporting by financial institutions, including national banks.

    Finally, the proposed rules would apply to the OCC, in addition to its officers, employees, and agents. Comparable to a provision being proposed by FinCEN, the OCC is proposing to include the agency itself in the scope of coverage, because requests for SAR information are typically directed to the agency, rather than to individuals within the OCC with authority to respond to the request. In addition, agents are included in the proposed paragraph because agents of the OCC may have access to SAR information. Accordingly, this proposed interpretation would more comprehensively cover disclosures by the OCC, agents of the OCC, and protect the confidentiality of SAR information.

    Section 21.11(l): Limitation on Liability

    In 1992, the Annunzio-Wylie Act amended the BSA by providing a safe harbor for financial institutions and their employees from civil liability for the reporting of known or suspected criminal offenses or suspicious activity through the filing of a SAR.[24] FinCEN and the OCC incorporated the safe harbor provisions of the 1992 law into their SAR rules.[25] Section 351 of the USA PATRIOT Act amended section 5318(g)(3) to clarify that the scope of the safe harbor provision includes the voluntary disclosure of possible violations of law and regulations to a government agency, and to expand the scope of the limit on civil liability to include any liability which may exist “under any contract or other legally enforceable agreement (including any arbitration agreement).” The OCC, like FinCEN, has incorporated the statutory expansion of the safe harbor by placing a cross-reference to section 5318(g)(3) in the proposed rules.

    In addition, consistent with the proposed rule issued by FinCEN, this provision makes clear that the safe harbor also applies to a disclosure by a bank made jointly with another financial institution for purposes of filing a joint SAR.[26]

    Conforming Amendments to 12 CFR Part 4, Subpart C

    The OCC is proposing to amend its information disclosure rule set forth in 12 CFR part 4, subpart C. Among other things, the proposal clarifies that the OCC's disclosure of SAR information will be governed exclusively by the standards set forth in the proposed amendments to the OCC's SAR rule set forth in 12 CFR 21.11(k). See elsewhere in this issue of the Federal Register. The effect of these proposed amendments is that the OCC: (i) Will not release SAR information to private litigants; and (ii) will only release SAR information to other government agencies, in response to a request pursuant to 12 CFR 4.37(c) or in the exercise of its discretion as described in 12 CFR 4.36, when necessary to fulfill official duties consistent with the purposes of Title II of the BSA.

    IV. Request for Comments

    The OCC welcomes comments on any aspect of these proposed amendments to the SAR rules.

    The OCC has timed the release of this proposal to coincide with the issuance of the proposed rules to amend the information disclosure rules set forth in 12 CFR part 4, subpart C, so that commenters can consider each proposal in commenting on the other.

    V. OCC Solicitation of Comments on Use of Plain Language

    Section 722 of the Gramm-Leach-Bliley Act, Public Law 106-102, sec. 722, 113 Stat. 1338, 1471 (Nov. 12, 1999), requires the OCC to use plain language in all proposed and final rules published after January 1, 2000. Therefore, the OCC specifically invites your comments on how to make this proposal easier to understand. For example:

    • Have we organized the material to suit your needs? If not, how could this material be better organized?
    • Are the requirements in the proposed regulations clearly stated? If not, how could the regulations be more clearly stated?
    • Do the proposed regulations contain language or jargon that is not clear? If so, which language requires clarification?
    • Would a different format (grouping and order of sections, use of headings, paragraphing) make the regulations easier to understand? If so, what changes to the format would make them easier to understand?
    • What else could we do to make the regulations easier to understand?

    VI. OCC Community Bank Comment Request

    The OCC invites your comments on the impact of this proposal on community banks. The OCC recognizes that community banks operate with more limited resources than larger institutions and may present a different risk profile. Thus, the OCC specifically requests comment on the impact of the proposal on community banks' current resources and available personnel with the requisite expertise, and whether the goals of the proposal could be achieved, for community banks, through an alternative approach.

    VII. OCC Regulatory Analysis

    Regulatory Flexibility Act

    Under section 605(b) of the Regulatory Flexibility Act (RFA), 5 U.S.C. 605(b), the regulatory flexibility analysis otherwise required under section 604 of the RFA is not required if the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities and publishes its certification and a short, explanatory statement in the Federal Register along with its rule.

    The OCC has determined that the costs, if any, associated with proposed rules are de minimis, as they simply clarify the scope of the statutory prohibition against the disclosure by financial institutions and by the government of SAR information, and clarify the scope of the safe harbor from liability for institutions that report suspicious activities. Therefore, Start Printed Page 10135pursuant to section 605(b) of the RFA, the OCC hereby certifies that this proposal will not have a significant economic impact on a substantial number of small entities. Accordingly, a regulatory flexibility analysis is not needed.

    Executive Order 12866

    The OCC has determined that this proposal is not a significant regulatory action under Executive Order 12866. We have concluded that the changes that would be made by this proposed rule will not have an annual effect on the economy of $100 million or more. The OCC further concludes that this proposal does not meet any of the other standards for a significant regulatory action set forth in Executive Order 12866.

    Paperwork Reduction Act

    We have reviewed the proposed rule in accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR 1320, Appendix A.1) (PRA) and have determined that it does not contain any “collections of information” as defined by the PRA.

    Unfunded Mandates Reform Act of 1995

    Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104-4 (2 U.S.C. 1532) (Unfunded Mandates Act), requires that an agency prepare a budgetary impact statement before promulgating any rule likely to result in a Federal mandate that may result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector of $100 million or more in any one year. If a budgetary impact statement is required, section 205 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule.

    The OCC has determined that this proposed rule will not result in expenditures by State, local, and tribal governments, or by the private sector, of $100 million or more in any one year. Accordingly, this proposal is not subject to section 202 of the Unfunded Mandates Act.

    Start List of Subjects

    List of Subjects in 12 CFR Part 21

    • Crime
    • Currency
    • National banks
    • Reporting and recordkeeping requirements
    • Security measures
    End List of Subjects

    Authority and Issuance

    For the reasons set forth in the preamble, part 21 of title 12 of the Code of Federal Regulations is proposed to be amended as follows:

    Start Part

    PART 21—MINIMUM SECURITY DEVICES AND PROCEDURES, REPORTS OF SUSPICIOUS ACTIVITIES; AND BANK SECRECY ACT COMPLIANCE PROGRAM

    1. The authority citation for part 21 continues to read as follows:

    Start Authority

    Authority: 12 U.S.C. 93a, 1818, 1881-1884, and 3401-3422; and 31 U.S.C. 5318.

    End Authority

    2. Section 21.11 is amended by revising paragraphs (b)(3), (c) introductory text, (k) and (l) to read as follows:

    Suspicious Activity Report.
    * * * * *

    (b) * * *

    (3) SAR means a Suspicious Activity Report.

    (c) SARs required. A national bank shall file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury on the form prescribed by the OCC and in accordance with the form's instructions. The bank should send the completed SAR to FinCEN in the following circumstances:

    * * * * *

    (k) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential, and shall not be disclosed except as authorized in this paragraph (k).

    (1) Prohibition on disclosure by national banks—(i) General rule. No national bank, and no director, officer, employee, or agent of a national bank, shall disclose a SAR or any information that would reveal the existence of a SAR. Any national bank, and any director, officer, employee, or agent of any national bank that is subpoenaed or otherwise requested to disclose a SAR, or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify the following of any such request and the response thereto:

    (A) Director, Litigation Division, Office of the Comptroller of the Currency; and

    (B) The Financial Crimes Enforcement Network (FinCEN).

    (ii) Rules of construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (k)(1) shall not be construed as prohibiting:

    (A) The disclosure by a national bank, or any director, officer, employee or agent of a national bank of:

    (1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency; or any Federal or state regulatory authority that examines the bank for compliance with the Bank Secrecy Act; or

    (2) The underlying facts, transactions, and documents upon which a SAR is based, including disclosures:

    (i) To another financial institution, or any director, officer, employee or agent of a financial institution, for the preparation of a joint SAR; or

    (ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or

    (B) The sharing by a national bank, or any director, officer, employee, or agent of a national bank, of a SAR, or any information that would reveal the existence of a SAR, within the bank's corporate organizational structure, for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.

    (2) Prohibition on disclosure by the OCC. The OCC will not, and no officer, employee or agent of the OCC, shall disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, official duties shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for use in a private legal proceeding or in response to a request for disclosure of non-public information under 12 CFR 4.33.

    (l) Limitation on liability. A national bank and any director, officer, employee or agent of a national bank that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another financial institution, shall be protected from liability for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

    Start Signature

    Dated: January 22, 2009.

    John C. Dugan,

    Comptroller of the Currency.

    End Signature End Part End Supplemental Information

    Footnotes

    1.  The Annunzio-Wylie Anti-Money Laundering Act of 1992 (the Annunzio-Wylie Act), amended the BSA and authorized the Secretary of the Treasury to require financial institutions to report suspicious transactions relevant to a possible violation of law or regulation. See Public Law 102-550, Title XV, section 1517(b), 106 Stat. 4055, 4058-9 (1992); 31 U.S.C. 5318(g)(1). The OCC, Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), Office of Thrift Supervision (OTS), and National Credit Union Administration (NCUA), (collectively referred to as the Federal bank regulatory agencies) subsequently issued virtually identical implementing regulations on suspicious activity reporting. See 12 CFR 21.11 (OCC); 12 CFR 208.62 (FRB); 12 CFR 353.3 (FDIC); 12 CFR 563.180 (OTS) and 12 CFR 748.1 (NCUA).

    Back to Citation

    3.  See, e.g., 31 CFR 103.18(e) (SAR confidentiality rule for banks); 31 CFR 103.19(e) (SAR confidentiality rule for brokers or dealers in securities).

    Back to Citation

    6.  See USA PATRIOT Act, section 351(b). Public Law 107-56, Title III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(2).

    Back to Citation

    7.  See USA PATRIOT Act, section 351(a). Public Law 107-56, Title III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(3).

    Back to Citation

    8.  FinCEN is the agency designated by the Department of the Treasury to administer the BSA, and with which SARs must be filed. See 31 U.S.C. 5318; 12 CFR 21.11(c).

    Back to Citation

    10.  See elsewhere in this issue of the Federal Register.

    Back to Citation

    11.  See, e.g., 31 CFR 103.19 (FinCEN regulations requiring brokers or dealers in securities to file reports of suspicious transactions on a SAR-S-F).

    Back to Citation

    14.  See, e.g., Whitney Nat'l Bank v. Karam, 306 F. Supp. 2d 678, 682 (S.D. Tex. 2004); Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002).

    Back to Citation

    15.  See Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002).

    Back to Citation

    16.  Although the underlying facts, transactions, and documents upon which a SAR is based may include previously filed SARs or other information that would reveal the existence of a SAR, these materials cannot be disclosed as underlying documents.

    Back to Citation

    17.  On December 21, 2006, FinCEN and the Federal bank regulatory agencies announced that the format for the SAR form for depository institutions had been revised to support a new joint filing initiative to reduce the number of duplicate SARs filed for a single suspicious transaction. “Suspicious Activity Report (SAR) Revised to Support Joint Filings and Reduce Duplicate SARs,” Joint Release issued by FinCEN, the FRB, the OCC, the OTS, the FDIC, and NCUA (Dec. 21, 2006). On February 17, 2006, FinCEN and the Federal bank regulatory agencies published a joint Federal Register notice seeking comment on proposed revisions to the SAR form. See 71 FR 8640. On May 1, 2007, FinCEN announced a delay in implementation of the revised SAR form until further notice. See 72 FR 23891. Until such time as a new SAR form is available that facilitates joint filing, institutions authorized to jointly file should follow FinCEN's guidance to use the words “joint filing” in the narrative of the SAR and ensure that both institutions maintain a copy of the SAR and any supporting documentation (See, e.g., http://www.fincen.gov/​statutes_​regs/​guidance/​html/​guidance_​faqs_​sar_​10042006.html).

    Back to Citation

    19.  “Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies” (January 20, 2006).

    Back to Citation

    20.  Under FinCEN's proposed guidance, an “affiliate” of a depository institution means any company under common control with, or controlled by, that depository institution.

    Back to Citation

    21.  See, e.g., 12 CFR 21.11 (SAR rule applicable to national banks).

    Back to Citation

    22.  31 U.S.C. 5311 (setting forth the purposes of the BSA).

    Back to Citation

    23.  See, e.g., Giglio v. United States, 405 U.S. 150, 153-54 (1972); Brady v. State of Maryland, 373 U.S. 83, 86-87 (1963); Jencks v. United States, 353 U.S. 657, 668 (1957).

    Back to Citation

    24.  See supra note 1.

    Back to Citation

    25.  See 31 CFR 103.18(e) and 12 CFR 21.11(l). The safe harbor regulations are also applicable to oral reports of violations. (In situations requiring immediate attention, a financial institution must immediately notify its regulator and appropriate law enforcement by telephone, in addition to filing a SAR. See, e.g., 12 CFR 21.11(d).)

    Back to Citation

    26.  See supra note 17.

    Back to Citation

    [FR Doc. E9-4703 Filed 3-6-09; 8:45 am]

    BILLING CODE 4810-33-P

Document Information

Published:
03/09/2009
Department:
Comptroller of the Currency
Entry Type:
Proposed Rule
Action:
Notice of proposed rulemaking.
Document Number:
E9-4703
Dates:
Comments must be received by June 8, 2009.
Pages:
10129-10135 (7 pages)
Docket Numbers:
Docket ID OCC-2009-0004
RINs:
1557-AD17: Confidentiality of Suspicious Activity Report
RIN Links:
https://www.federalregister.gov/regulations/1557-AD17/confidentiality-of-suspicious-activity-report
Topics:
Crime, Currency, National banks, Reporting and recordkeeping requirements, Security measures
PDF File:
e9-4703.pdf
CFR: (1)
12 CFR 21.11